CN109284426A - A multi-data document classification system based on permission levels - Google Patents
- Publication number: CN109284426A (CN201810965462.5A)
- Authority: CN (China)
- Prior art keywords: data, document, user terminal, key, sent
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The present invention relates to a multi-data document classification system based on permission levels, comprising several user terminals. Each user terminal is provided with a corresponding document management subsystem, which includes a document database. The document database stores document data and an index number set for each item of document data. The document data includes first-class document data and second-class document data. The multi-task document management system includes a permission configuration module and a data management module. When the data volume is large, data can be collected upward according to permission levels, and the original data is encrypted with the encryption algorithms used, so that both data security and the efficiency of data collection are guaranteed.
Description
Technical field
The present invention relates to data management systems, and more specifically to a multi-data document classification system based on permission levels.
Background art
Document management refers to the access, storage, classification and retrieval of documents, spreadsheets, graphics and scanned video documents. Each document has a record similar to an index card, which records information such as the author, the document description, the creation date and the type of application used. These documents are generally archived on relatively inexpensive tape and, in special cases, on read-write optical discs. Document management has the following features. Hierarchical display: documents are stored and displayed in a hierarchical structure, which makes them easier to consult. Rights management: permissions are administered according to the hierarchical document structure; managing people by file directory and document type satisfies requirements such as document confidentiality and permission-based access. Document publication: documents are published internally to an internal document consulting interface. Import and export: export means selecting specified documents and exporting them from the system, and import means restoring the content of the corresponding files into the system as documents. Documents can thus be stored as files in a specific structure for backup or resource sharing, which provides a good approach for document backup, document migration and resource sharing. Document attachment: attachments extend a document from recording only text information to additionally storing files, audio-visual materials and the like.
However, with the spread of big data, more and more documents are managed in a unified way, and unified management inevitably increases the data volume. With paperless management, all documents can also be retrieved more easily. After large companies or institutions unify their data, the data is collected and called, and large volumes of data are particularly prone to leakage and loss while being collected and aggregated. Particularly for institutions such as hospitals, public security organs and courts, data stolen by criminals can cause serious social problems.
Prior art 1: CN106951791A discloses a ciphertext-based confidential document access control system comprising a document store, a terminal, a key storage medium and a key generator. The key generator is connected to the key storage medium, the key storage medium to the terminal, and the terminal to the document store. The key generator generates a master public key and a master private key; the master public key is published and the master private key is stored secretly in the key generator. To generate a user private key, the key generator takes the master private key, the user's permission level and so on as input. The user private key is stored securely in the key storage medium. To encrypt a document, the terminal takes the master public key, the document's confidentiality level and so on as input and generates an encrypted document that can be decrypted only by users who hold access permission for the corresponding confidentiality level or above. The encrypted document is stored in the document store, and the terminal obtains documents from the document store. To decrypt a document, the terminal takes the encrypted document, the user private key and so on as input; the encrypted document is decrypted when the confidentiality level corresponding to the user private key is greater than or equal to the level specified for the document.
Prior art 2: CN107222483A discloses a method for network storage management of electronic documents with multiple access levels, comprising: a. dividing the access levels of electronic documents and users, generating the corresponding level trapdoors, and building an electronic document index table; b. encrypting the electronic documents to build a ciphertext document library, and uploading the ciphertext document library and the index table to a cloud server; c. assigning user U a level trapdoor and a second hash key according to the access level of user U; d. user U generating a search trapdoor from the search keyword and from the level trapdoor and second hash key assigned to user U, and sending it to the cloud server; e. the cloud server querying the index table with the search trapdoor to obtain the set of unique storage identification numbers of all documents that satisfy the access level and contain the search keyword, querying the ciphertext document library with that set to obtain the corresponding ciphertext documents, and sending the obtained ciphertext documents to user U. That invention uses a symmetric searchable encryption scheme to build an encrypted index table, which is uploaded to the cloud server together with the ciphertext database. The user sends a search trapdoor to query the index table and the ciphertext database and obtain the relevant electronic documents. The search trapdoors in the index table are constructed from the search keyword, the level trapdoor and the hash key, and users of different access levels hold different level trapdoors. That invention also designs attribute encryption and digital signature schemes and supports dynamic updating of the index table and the ciphertext database. It fully considers the requirements of electronic document network storage management for multiple access levels, authorization verification, dynamic updating and so on. The method is simple and clear and highly practical.
Prior art 3: CN102404120A discloses an encryption method and system for electronic documents, comprising: Step 1: generating a random key of 32-bit length using a random algorithm; Step 2: encrypting the random key with an asymmetric encryption algorithm using the public key of the document reader's digital certificate, forming an encryption key; Step 3: encrypting the confidential document with the AES symmetric encryption algorithm and the encryption key, generating ciphertext; Step 4: combining the ciphertext and the encryption key into a data packet and storing it in an encrypted file; Step 5: after the document reader obtains the ciphertext, decrypting the ciphertext with the encryption key to obtain the plaintext. The electronic document encryption method provided there implements confidentiality and access control for electronic documents. Because the key is encrypted with an asymmetric encryption algorithm and the electronic document with a symmetric algorithm, it addresses document encryption and decryption speed while ensuring the security of the document, providing a more secure guarantee.
However, the encryption techniques of the above prior art are complex, they cannot collect data upward according to permission levels and encrypt the original data with the encryption algorithms used, they cannot guarantee data security, and their data efficiency is low. There is an urgent need for a technique that, when the data volume is large, can collect data upward according to permission levels and encrypt the original data with the encryption algorithms used, thereby guaranteeing both data security and the efficiency of data collection.
Summary of the invention
In view of this, an object of the present invention is to provide a multi-data document classification system based on permission levels that solves the above problems.
To solve the above technical problems, the technical solution of the present invention is as follows:
A multi-data document classification system based on permission levels comprises several user terminals. Each user terminal is provided with a corresponding document management subsystem, which includes a document database. The document database stores document data and an index number set for each item of document data. The document data includes first-class document data and second-class document data. The multi-task document management system includes a permission configuration module and a data management module.
The permission configuration module assigns different level values to the user terminals according to their type. A user terminal with a higher level value is a superior user terminal of a user terminal with a lower level value, a user terminal with a lower level value is a subordinate user terminal of a user terminal with a higher level value, and user terminals with the same level value are peer user terminals of one another. A peer server is configured for the user terminals of each level value.
The data management module includes a data collection module, a data interaction unit and a data decentralization unit. Task data channels are established between the user terminals, and a user terminal issues a document management request to another user terminal over the task data channel. The document management request includes document type information, content information and first verification information. The user terminal that generates the document management request is the sending end, and the user terminal that receives it is the receiving end. After the receiving end has verified the first verification information, if the document type information indicates first-class document data, the receiving end sends the corresponding document data to the sending end according to the index number in the content information; if the document type information indicates second-class document data, the content information is sent to the data management module. When the data management module receives the content information:
If the sending end is a superior user terminal of the receiving end, the content request message is sent to the data collection module. The data collection module obtains the corresponding document data according to the index number in the content request message and sends the document data to the sending end. The sending end encrypts the document data with the first encryption algorithm, generates the corresponding first key, and returns the encrypted document data to the receiving end.
If the sending end is a subordinate user terminal of the receiving end, the content request message is sent to the data decentralization unit. The data decentralization unit obtains the corresponding document data according to the index number in the content request message. The receiving end encrypts the document data with the second encryption algorithm, generates the second key, and sends the encrypted document data to the sending end.
If the sending end is a peer user terminal of the receiving end, the content request message is sent to the data interaction unit. The data interaction unit obtains the corresponding document data according to the index number in the content request message. The receiving end encrypts the document data with the third encryption algorithm, generates the third key, sends the encrypted document data to the sending end, and sends the third key to the peer server.
The peer server is configured with a decryption policy and a third decryption algorithm, and each user terminal and the peer server are configured with a display protocol. Under the decryption policy, when a user terminal needs to open document data encrypted with the third encryption algorithm, the peer server receives the encrypted document data from the user terminal, obtains the third key from the user terminal that corresponds to the document data, and decrypts the document data with the third decryption algorithm and the third key. The peer server then displays the document data on the requesting user terminal through the display protocol.
Further: each user terminal is configured with an independent key generation strategy, which is used to generate an independent key. Independent keys and user terminals correspond one to one. The first verification information is configured on a central server: the user terminal uploads its independent key and, after verifying the independent key, the central server sends the first verification information to the user terminal.
Further: the multi-data document classification system includes a key database, which is used to store the first key, the second key and the third key.
Further: the multi-data document classification system includes a data tracking module configured with a data tracing strategy. The data tracing strategy includes configuring traceability information for every item of second-class document data. The traceability information includes position traceability information and type traceability information. When second-class document data is sent to a user terminal, the code of that user terminal is added to the position traceability information and the corresponding transmission type is added to the type traceability information. The transmission types are: second-class document data sent by the data collection module, second-class document data sent by the data interaction unit, and second-class document data sent by the data decentralization unit.
Further: the difference between the level values of two user terminals connected by a task data channel is less than or equal to 1.
Further: the multi-data document classification system further includes a data management module configured with a data filing strategy. The data filing strategy includes a filing acquisition step, a data feedback step and a data distribution step.
The filing acquisition step includes generating several document management requests at a user terminal and sending them to each subordinate user terminal that has established a task data channel with that user terminal.
The data feedback step includes waiting for the data collection module to work, so as to obtain the encrypted document data and the first key.
The data distribution step sends all the encrypted document data to the corresponding subordinate user terminals of that user terminal.
Further: the user terminal is configured with a temporary trigger, and all temporary triggers output the same trigger code at the same time. When the receiving end needs to open document data encrypted with the first encryption algorithm, it sends the trigger code to the corresponding superior user terminal through the temporary trigger. After verifying the trigger code, the superior user terminal sends the corresponding first key to the user terminal that sent the temporary code. The user terminal is configured with a first decryption algorithm, which is used to decrypt the first key.
Further: the user terminal is configured with a temporary trigger, and all temporary triggers output the same trigger code at the same time. When the receiving end needs to open document data encrypted with the second encryption algorithm, it sends the trigger code to the corresponding superior user terminal through the temporary trigger. After verifying the trigger code, the superior user terminal sends the corresponding second key to the user terminal that sent the temporary code. The user terminal is configured with a second decryption algorithm, which is used to decrypt the second key.
Further: when the first key is generated, the user terminal configures an aging time for the first key. When the actual time exceeds the aging time, the first key becomes invalid.
Further: when the first key is generated, the user terminal configures a usage limit for the first key. When the number of times the first key has been used by the first decryption algorithm exceeds the usage limit, the first key becomes invalid.
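The routing rules and the first-key limits described above, as an added Python example that is not code from the patent: `route_request` picks the handling unit and the encrypting party from the two level values, and `release_first_key` checks a trigger code and then enforces the aging time and the usage limit. All names are hypothetical, the two expiry conditions are combined on one key, and the HMAC-over-time-step trigger code is an assumed construction, since the patent does not say how the code is derived.

```python
"""Added illustration, not code from the patent."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class DocClass(Enum):
    FIRST = 1    # data without privacy content
    SECOND = 2   # data that involves private content


class Unit(Enum):
    DIRECT = "returned directly by index number"
    COLLECTION = "data collection module"
    DECENTRALIZATION = "data decentralization unit"
    INTERACTION = "data interaction unit"


@dataclass(frozen=True)
class Decision:
    unit: Unit
    encrypted_by: Optional[str]   # "sending end", "receiving end" or None
    key: Optional[str]            # "first", "second", "third" or None
    key_to_peer_server: bool      # only the third key is sent to the peer server


class KeyExpired(Exception):
    """The first key has passed its aging time or its usage limit."""


def route_request(sender_level: int, receiver_level: int,
                  doc_class: DocClass, verified: bool) -> Decision:
    """Decide how the receiving end handles a document management request."""
    # The receiving end checks the first verification information first.
    if not verified:
        raise PermissionError("first verification information rejected")
    # A task data channel only joins terminals whose level values differ by <= 1.
    if abs(sender_level - receiver_level) > 1:
        raise ValueError("no task data channel between these level values")
    if doc_class is DocClass.FIRST:
        return Decision(Unit.DIRECT, None, None, False)
    if sender_level > receiver_level:    # superior collects from subordinate
        return Decision(Unit.COLLECTION, "sending end", "first", False)
    if sender_level < receiver_level:    # subordinate requests from superior
        return Decision(Unit.DECENTRALIZATION, "receiving end", "second", False)
    return Decision(Unit.INTERACTION, "receiving end", "third", True)


def trigger_code(shared_secret: bytes, now: float, step_s: int = 30) -> str:
    """Assumed construction: every terminal holding shared_secret derives the
    same code inside the same time step."""
    counter = int(now // step_s).to_bytes(8, "big")
    return hmac.new(shared_secret, counter, hashlib.sha256).hexdigest()[:8]


@dataclass
class FirstKey:
    material: bytes
    expires_at: float   # aging time as an absolute timestamp (assumed form)
    max_uses: int       # usage limit
    uses: int = 0


def new_first_key(now: float, lifetime_s: float, max_uses: int) -> FirstKey:
    return FirstKey(secrets.token_bytes(32), now + lifetime_s, max_uses)


def release_first_key(key: FirstKey, presented_code: str,
                      shared_secret: bytes, now: float) -> bytes:
    """Superior-side check before the first key is handed to a requester."""
    expected = trigger_code(shared_secret, now)
    if not hmac.compare_digest(presented_code, expected):
        raise PermissionError("trigger code does not match")
    if now > key.expires_at:
        raise KeyExpired("aging time exceeded")
    if key.uses >= key.max_uses:
        raise KeyExpired("usage limit exceeded")
    key.uses += 1   # a rejected request does not consume a use
    return key.material


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    print(route_request(3, 2, DocClass.SECOND, True))
    k = new_first_key(now=1000.0, lifetime_s=60, max_uses=2)
    print(len(release_first_key(k, trigger_code(secret, 1010.0), secret, 1010.0)))
```
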
The technical effect of the present invention is mainly as follows: with this arrangement, when the data volume is large, data can be collected upward according to permission levels, and the original data is encrypted with the encryption algorithms used, so that both data security and the efficiency of data collection are guaranteed.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the embodiments are briefly described below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1: schematic diagram of the user terminal architecture of the multi-data document classification system based on permission levels of the present invention;
Fig. 2: overall system architecture diagram of the multi-data document classification system based on permission levels of the present invention;
Fig. 3: schematic diagram of the operation of the task data channel of the multi-data document classification system based on permission levels of the present invention;
Fig. 4: architecture diagram of the data management module of the multi-data document classification system based on permission levels of the present invention.
Reference numerals: 1, user terminal; 10, temporary trigger; 11, sending end; 12, receiving end; 21, permission configuration module; 22, data management module; 221, data collection module; 222, data interaction unit; 223, data decentralization unit; 23, data tracking module; 3, peer server; 4, key database.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention fall within the scope of protection of the present invention. Specific embodiments of the present invention are described in further detail below with reference to the drawings, so that the technical solution is easier to understand and grasp.
Referring to Fig. 1, a multi-data document classification system based on permission levels includes several user terminals 1. Each user terminal 1 is provided with a corresponding document management subsystem, which includes a document database. It should be noted that the present invention does not modify the type or content of documents; its design point is to strengthen the efficiency of data transmission and ensure data security through the overall system architecture. The document database stores document data and an index number set for each item of document data. The index number is public information, and adjacent user terminals 1 can obtain the corresponding document data by index number. The document data includes first-class document data and second-class document data. First-class document data can be regarded as data without privacy content, that is, public data that any general system has, whereas second-class document data involves private data. In use, the user terminal 1 therefore needs to mark the two kinds of data manually by class. The document data is set in correspondence with the user terminal 1. It should be noted that at system initialization each item of document data is independent, that is, no item of second-class document data is stored on two user terminals 1 at the same time, which is the key to the design of the present invention. The multi-task document management system includes a permission configuration module 21 and a data management module 22. It should also be noted that the present invention manages data on the basis of classification and permission levels, applied to data collection work, in order to guarantee data security.
The permission configuration module 21 assigns different level values to the user terminals 1 according to their type. A user terminal 1 with a higher level value is a superior user terminal 1 of a user terminal 1 with a lower level value, a user terminal 1 with a lower level value is a subordinate user terminal 1 of a user terminal 1 with a higher level value, and user terminals 1 with the same level value are peer user terminals 1 of one another. As shown in Fig. 1, the permission configuration module 21 configures permission values according to differences in permission: in a corporate system the grouping follows group, department and so on; in a hospital it follows department and hospital campus; in a government system it follows district, city and province. These are only examples. An upper-level user terminal 1 can obtain the data of a next-level user terminal 1, and the difference between the level values of two user terminals 1 connected by a task data channel is less than or equal to 1. A peer server 3 is configured for the user terminals 1 of each level value. The purpose of the peer server 3 is to achieve the data encryption effect, as described in further detail below:
The data management module 22 includes a data collection module 221, a data interaction unit 222 and a data decentralization unit 223. Task data channels are established between the user terminals 1, and a user terminal 1 issues a document management request to another user terminal 1 over the task data channel. The document management request includes document type information, content information and first verification information. The user terminal 1 that generates the document management request is the sending end 11, and the user terminal 1 that receives it is the receiving end 12. After the receiving end 12 has verified the first verification information, if the document type information indicates first-class document data, the receiving end sends the corresponding document data to the sending end 11 according to the index number in the content information; if the document type information indicates second-class document data, the content information is sent to the data management module 22. When the data management module 22 receives the content information (when the task service module receives the request content information), processing is as in the following example. Suppose user terminal A wishes to access document data on user terminal B. User terminal A first retrieves the corresponding document data over the intranet and finds user terminal B. Selecting user terminal B generates the corresponding document management request, which is sent to user terminal B over the task data channel. User terminal B first parses the required document type. First-class document data is handled in the original manner, which is not repeated here. Second-class document data is handled by the data service module, as follows:
If the sending end 11 (A) is a superior user terminal 1 of the receiving end 12 (B), the content request message is sent to the data collection module 221. The data collection module 221 obtains the corresponding document data according to the index number in the content request message and sends the document data to the sending end 11. The sending end 11 encrypts the document data with the first encryption algorithm, generates the corresponding first key, and returns the encrypted document data to the receiving end 12. In other words, A first obtains the corresponding document data from B, then encrypts it and sends the encrypted document data back to B, replacing B's original document data. That is, when A collects second-class data held by B, the data at B is "sealed": B simultaneously loses the means to open the second-class document data. This ensures that an item of second-class data can be opened by only one terminal at any moment, and that a permission relationship exists. Meanwhile, if A loses or damages the document data, the data retained at B can serve as a backup for A. Similarly, if the data is obtained by the superior user terminal 1 of A, the corresponding key must be obtained at the same time, and A is no longer able to open the original document.
If the sending end 11 (A) is a subordinate user terminal 1 of the receiving end 12 (B), the content request message is sent to the data decentralization unit 223. The data decentralization unit 223 obtains the corresponding document data according to the index number in the content request message. The receiving end 12 encrypts the document data with the second encryption algorithm, generates the second key, and sends the encrypted document data to the sending end 11. If the request is sent by a subordinate user terminal 1, it is not a collection of data but a loan of data, so the encrypted document data is only sent to the corresponding user terminal B; this can be understood as user terminal B making a backup of the data of user terminal A. This achieves the core purpose of the present invention: on the premise that data security is guaranteed, multiple data are managed effectively and conflicts caused by excessive data content are avoided, because at any single point in time only a single terminal stores the data.
If the sending end 11 (A) is a peer user terminal 1 of the receiving end 12 (B), the content request message is sent to the data interaction unit 222. The data interaction unit 222 obtains the corresponding document data according to the index number in the content request message. The receiving end 12 encrypts the document data with the third encryption algorithm, generates the third key, sends the encrypted document data to the sending end 11, and sends the third key to the peer server 3. None of the above encryption algorithms is restricted; a hash algorithm or other encryption algorithms may be chosen, which is not elaborated here. Decryption requires a key together with a decryption algorithm, and the decryption algorithm is configured to correspond to the encryption algorithm, which is not elaborated here. For peer user terminals 1, the service is provided through an intermediate server, which is relatively simple and convenient while guaranteeing the security of the data.
The peer server 3 is configured with a decryption policy and a third decryption algorithm, and each user terminal 1 and the peer server 3 are configured with a display protocol. Under the decryption policy, when a user terminal 1 needs to open document data encrypted with the third encryption algorithm, the peer server 3 receives the encrypted document data from the user terminal 1, obtains the third key from the user terminal 1 that corresponds to the document data, and decrypts the document data with the third decryption algorithm and the third key. The peer server 3 then displays the document data on the requesting user terminal 1 through the display protocol. The original document data is thus obtained, but the original data of the document is not sent directly to user terminal A; it is displayed as a data stream through the preset display protocol. The peer server 3 does not store the original document data while providing the service; it only collates and transmits the document data. It should be noted that the third key is not static data: its content changes in real time according to a time factor, and a time parameter is added during the corresponding parsing. Because the third key changes in real time, only a third key obtained from user terminal B in real time can decrypt. That is, user terminal A has permission to consult the corresponding document data only while user terminal B is turned on.
Each user terminal 1 is configured with an independent-key generation policy, which generates an independent key that corresponds one-to-one with the user terminal 1. The first verification information is configured at the central server: the user terminal 1 uploads the independent key, and after the central server verifies the independent key it sends the first verification information to the user terminal 1. The first key is generated from the independent key. Each user terminal 1 is configured with a parsing module, and the parsing module is configured with a parsing policy. Each second-class document data item is configured with an opening password and is opened by entering that opening password. Under the parsing policy, when second-class document data is opened, a parsing code is obtained from the second-class document data and input to the parsing module, and the parsing module generates the opening password from the parsing code and the independent key obtained from the user terminal 1. The independent key corresponds one-to-one with the user terminal 1 and is generated in real time by the user terminal 1; the encryption algorithm can be a hash algorithm, with the time parameter and the code of the user terminal 1 added to its encryption parameters. Each time a user terminal 1 needs the first verification information to be generated, it must go through the central server, which can review the request in the background and then send the first verification information to the corresponding user terminal 1. Every document data item is encrypted, so the opening password must be entered whenever document data is opened. The parsing code preferably includes the number of the user terminal 1 and optionally includes the traceability information. The parsing module generates the opening password from the parsing code and the corresponding independent key; the specific algorithm is not limited, and the parsing module is configured with a specific formula that is not repeated here. In other words, every opening of a document requires both the independent key and the parsing code, and even if the data is obtained by someone else, it cannot be opened without the opening password.
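As an added illustration (not code from the patent, which leaves the formula unspecified), the sketch below derives an independent key and an opening password along the lines of the paragraph above and shows that a different terminal or an altered parsing code cannot reproduce the password. HMAC-SHA256, the five-minute time window, the per-terminal secret, the `|`-separated parsing-code layout, the stored password verifier and all names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

WINDOW_SECONDS = 300  # assumption: granularity of the "time parameter"


def independent_key(terminal_secret: bytes, terminal_code: str, time_param: int) -> bytes:
    """Hash-based key bound to one terminal code and one time parameter."""
    msg = f"{terminal_code}|{time_param}".encode()
    return hmac.new(terminal_secret, msg, hashlib.sha256).digest()


def opening_password(parsing_code: str, ind_key: bytes) -> str:
    """Parsing module: opening password from parsing code + independent key."""
    return hmac.new(ind_key, parsing_code.encode(), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class ProtectedDocument:
    parsing_code: str       # travels with the document, readable by any holder
    password_verifier: str  # SHA-256 of the opening password, not the password


def protect_document(terminal_secret: bytes, terminal_code: str,
                     now: float, provenance: str = "") -> ProtectedDocument:
    """Attach a parsing code (terminal number, time parameter, provenance)."""
    if "|" in terminal_code:
        raise ValueError("terminal code must not contain the field separator")
    time_param = int(now // WINDOW_SECONDS)
    parsing_code = f"{terminal_code}|{time_param}|{provenance}"
    key = independent_key(terminal_secret, terminal_code, time_param)
    password = opening_password(parsing_code, key)
    # The password is a 256-bit MAC output, so a plain hash is enough here.
    verifier = hashlib.sha256(password.encode()).hexdigest()
    return ProtectedDocument(parsing_code, verifier)


def try_open(doc: ProtectedDocument, terminal_secret: bytes, terminal_code: str) -> bool:
    """Re-derive the opening password on the opening terminal and check it."""
    parts = doc.parsing_code.split("|", 2)
    if len(parts) != 3:
        return False
    try:
        time_param = int(parts[1])
    except ValueError:
        return False
    key = independent_key(terminal_secret, terminal_code, time_param)
    candidate = opening_password(doc.parsing_code, key)
    digest = hashlib.sha256(candidate.encode()).hexdigest()
    return hmac.compare_digest(digest, doc.password_verifier)
```

Because the time parameter is carried in the parsing code, the owning terminal can regenerate the same independent key later; a holder of the document alone has the parsing code but not the terminal secret.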
Data tracing module 23: the data tracing module 23 is configured with a data tracing policy, under which corresponding traceability information is configured for each second-class document data item. The traceability information includes position traceability information and type traceability information. When the second-class document data is sent to a user terminal 1, the code of that user terminal 1 is added to the position traceability information and the corresponding transmission type is added to the type traceability information. The transmission types include sending the second-class document data through the data collection module 221, sending the second-class document data through the data interaction unit 222, and sending the second-class document data through the data transfer unit 223. Once the second-class document data is found on another terminal, the added traceability information shows which user terminal 1 leaked the data, which improves the safety of the system.
The multi-data document classification system includes a key database 4, which stores the first key, the second key and the third key. While data security is guaranteed, data that has been lost or damaged can be recovered through a subordinate user terminal 1.
The multi-data document classification system further includes a data management module 22, which is configured with a data archiving policy. The data archiving policy includes an archive acquisition step, a data feedback step and a data distribution step;
The archive acquisition step includes generating several items of document management request information at a user terminal 1 and sending the document management request information to each subordinate user terminal 1 that has established a task data channel with that user terminal 1;
The data feedback step includes waiting for the data collection module 221 to work so as to obtain the encrypted document data and the first key;
The data distribution step sends all the encrypted document data to all the subordinate user terminals 1 corresponding to that user terminal 1.
The user terminal 1 is configured with a temporary trigger 10, and all temporary triggers 10 output the same trigger code at the same time. When the receiving end 12 needs to open document data encrypted by the first encryption algorithm, it sends the trigger code through the temporary trigger 10 to the corresponding superior user terminal 1; after verifying the trigger code, the superior user terminal 1 sends the corresponding first key to the user terminal 1 that sent the temporary code. The user terminal 1 is configured with a first decryption algorithm, which is used to decrypt the first key. Likewise, when the receiving end 12 needs to open document data encrypted by the second encryption algorithm, it sends the trigger code through the temporary trigger 10 to the corresponding superior user terminal 1; after verifying the trigger code, the superior user terminal 1 sends the corresponding second key to the user terminal 1 that sent the temporary code. The user terminal 1 is configured with a second decryption algorithm, which is used to decrypt the second key. The temporary trigger 10 increases the security between user terminals 1 and ensures that data is not leaked during data interaction inside the network.
Whenever a first key is generated, the user terminal 1 configures a validity period for the first key; when the actual time exceeds the validity period, the first key becomes invalid. When a first key is generated, the user terminal 1 also configures a usage limit for the first key; when the number of times the first key has been used by the first decryption algorithm exceeds the usage limit, the first key becomes invalid. The same scheme can be applied to the third key and the second key. It should also be noted that when the first key is generated, a corresponding verification policy is configured in the corresponding decryption algorithm. For example, when the first key is decrypted by the first decryption algorithm, the generation time of the first key is obtained first and then the validity period; if the current time is later than the result obtained from them, a decryption failure is output directly, so the validity period can be judged in this way as well. Likewise, each time the key is used by the decryption algorithm, the feature code of the first key is recorded and the number of uses is counted; when the preset number is exceeded, decryption is directly judged to have failed. This prevents a key from being used for a long time and captured.
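The trigger-code exchange and the key expiry checks described in the two paragraphs above can be sketched as follows. This is an added example, not the patent's implementation: the HMAC-based trigger code, the 30-second interval, the acceptance of the previous interval for clock skew, the SHA-256 "feature code" and every class and function name are assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional

STEP = 30  # assumption: seconds during which every trigger emits the same code


def trigger_code(shared_seed: bytes, now: float) -> str:
    """Temporary trigger: identical on all terminals within one interval."""
    counter = struct.pack(">Q", int(now // STEP))
    return hmac.new(shared_seed, counter, hashlib.sha256).hexdigest()[:8]


@dataclass(frozen=True)
class IssuedKey:
    key: bytes
    issued_at: float         # generation time of the key
    validity_seconds: float  # validity period
    max_uses: int            # usage limit


class SuperiorTerminal:
    """Holds the first key and releases it only against a valid trigger code."""

    def __init__(self, shared_seed: bytes, first_key: bytes,
                 validity_seconds: float, max_uses: int) -> None:
        self._seed = shared_seed
        self._key = first_key
        self._validity = validity_seconds
        self._max_uses = max_uses

    def request_key(self, code: str, now: float) -> Optional[IssuedKey]:
        if not code.isascii():
            return None
        # Assumption: the previous interval is accepted to tolerate clock skew.
        for moment in (now, now - STEP):
            if hmac.compare_digest(code, trigger_code(self._seed, moment)):
                return IssuedKey(self._key, now, self._validity, self._max_uses)
        return None


class DecryptionGate:
    """Verification policy run by the decryption algorithm before each use."""

    def __init__(self) -> None:
        self._uses: Dict[str, int] = {}  # feature code of key -> uses so far

    def authorize(self, issued: IssuedKey, now: float) -> bool:
        if now > issued.issued_at + issued.validity_seconds:
            return False  # validity period exceeded: decryption fails
        feature = hashlib.sha256(issued.key).hexdigest()
        used = self._uses.get(feature, 0)
        if used >= issued.max_uses:
            return False  # usage limit exceeded: decryption fails
        self._uses[feature] = used + 1
        return True
```

The use counter lives on the side that runs the decryption algorithm, so the limit only holds if that state cannot be reset by the party holding the key.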
Of course, the above is a typical example of the present invention. The present invention can also have various other specific embodiments, and all technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of protection claimed by the present invention.
Claims (10)
1. A multi-data document classification system based on permission levels, characterized in that: it includes several user terminals, each user terminal being provided with a corresponding document management subsystem; the document management subsystem includes a document database, which stores document data and the index number set for each document data item; the document data includes first-class document data and second-class document data; the multitask document management system includes a permission configuration module and a data management module;
The permission configuration module configures the user terminals with different grade values according to the type of user terminal; a user terminal with a higher grade value is the superior user terminal of a user terminal with a lower grade value, a user terminal with a lower grade value is the subordinate user terminal of a user terminal with a higher grade value, and user terminals with the same grade value are peer user terminals of one another; a peer server is configured for the user terminals of each grade value;
The data management module includes a data collection module, a data interaction unit and a data transfer unit; task data channels are established between the user terminals, and a user terminal generates document management request information to another user terminal through the task data channel; the document management request information includes document type information, request content information and first verification information; the user terminal that generates the document management request information is the sending end, and the user terminal that receives the document management request information is the receiving end; after the receiving end verifies the first verification information, if the corresponding document type information is first-class document data, the corresponding document data is sent to the sending end according to the index number in the request content information; if the corresponding document type information is second-class document data, the request content information is sent to the data management module; when the data management module receives the request content information:
If the sending end is the superior user terminal of the receiving end, the request content information is sent to the data collection module; the data collection module obtains the corresponding document data according to the index number in the request content information and sends the document data to the corresponding sending end; the sending end encrypts the document data with the first encryption algorithm, generates the corresponding first key, and returns the encrypted document data to the receiving end;
If the sending end is the subordinate user terminal of the receiving end, the request content information is sent to the data transfer unit; the data transfer unit obtains the corresponding document data according to the index number in the request content information; the receiving end encrypts the document data with the second encryption algorithm, generates the second key, and sends the encrypted document data to the sending end;
If the sending end is a peer user terminal of the receiving end, the request content information is sent to the data interaction unit; the data interaction unit obtains the corresponding document data according to the index number in the request content information; the receiving end encrypts the document data with the third encryption algorithm, generates the third key, sends the encrypted document data to the corresponding sending end, and sends the third key to the peer server;
The peer server is configured with a decryption policy and a third decryption algorithm, and each user terminal and the peer server are configured with a display protocol; under the decryption policy, when a user terminal needs to open document data encrypted by the third encryption algorithm, the peer server receives the encrypted document data from the user terminal, obtains the third key from the user terminal that corresponds to the document data, and decrypts the document data with the third decryption algorithm and the third key; the peer server displays the corresponding document data on the corresponding user terminal through the display protocol.
2. The multi-data document classification system based on permission levels as described in claim 1, characterized in that: each user terminal is configured with an independent-key generation policy, which generates an independent key; the independent key corresponds one-to-one with the user terminal; the first verification information is configured at a central server; the user terminal uploads the independent key, and after the central server verifies the independent key, it sends the first verification information to the user terminal.
3. The multi-data document classification system based on permission levels as described in claim 1, characterized in that: the multi-data document classification system includes a key database, which stores the first key, the second key and the third key.
4. The multi-data document classification system based on permission levels as described in claim 1, characterized in that: the multi-data document classification system includes a data tracing module configured with a data tracing policy; the data tracing policy includes configuring corresponding traceability information for each second-class document data item; the traceability information includes position traceability information and type traceability information; when the second-class document data is sent to a user terminal, the code of that user terminal is added to the position traceability information and the corresponding transmission type is added to the type traceability information; the transmission types include sending the second-class document data through the data collection module, sending the second-class document data through the data interaction unit, and sending the second-class document data through the data transfer unit.
5. The multi-data document classification system based on permission levels as described in claim 1, characterized in that: the difference in grade value between two user terminals connected by the task data channel is less than or equal to 1.
6. The multi-data document classification system based on permission levels as described in claim 1, characterized in that: the multi-data document classification system further includes a data management module configured with a data archiving policy; the data archiving policy includes an archive acquisition step, a data feedback step and a data distribution step;
The archive acquisition step includes generating several items of document management request information at a user terminal and sending the document management request information to each subordinate user terminal that has established a task data channel with that user terminal;
The data feedback step includes waiting for the data collection module to work so as to obtain the encrypted document data and the first key;
The data distribution step sends all the encrypted document data to all the subordinate user terminals corresponding to that user terminal.
7. The multi-data document classification system based on permission levels as described in claim 1, characterized in that: the user terminal is configured with a temporary trigger, and all temporary triggers output the same trigger code at the same time; when the receiving end needs to open document data encrypted by the first encryption algorithm, it sends the trigger code through the temporary trigger to the corresponding superior user terminal; after verifying the trigger code, the superior user terminal sends the corresponding first key to the user terminal that sent the temporary code; the user terminal is configured with a first decryption algorithm, which is used to decrypt the first key.
8. The multi-data document classification system based on permission levels as claimed in claim 7, characterized in that: the user terminal is configured with a temporary trigger, and all temporary triggers output the same trigger code at the same time; when the receiving end needs to open document data encrypted by the second encryption algorithm, it sends the trigger code through the temporary trigger to the corresponding superior user terminal; after verifying the trigger code, the superior user terminal sends the corresponding second key to the user terminal that sent the temporary code; the user terminal is configured with a second decryption algorithm, which is used to decrypt the second key.
9. The multi-data document classification system based on permission levels as claimed in claim 7, characterized in that: whenever a first key is generated, the user terminal configures a validity period for the first key; when the actual time exceeds the validity period, the first key becomes invalid.
10. The multi-data document classification system based on permission levels as claimed in claim 7, characterized in that: whenever a first key is generated, the user terminal configures a usage limit for the first key; when the number of times the first key has been used by the first decryption algorithm exceeds the usage limit, the first key becomes invalid.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810965462.5A CN109284426B (en) | 2018-08-23 | 2018-08-23 | Multi-data document classification system based on permission level |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109284426A true CN109284426A (en) | 2019-01-29 |
CN109284426B CN109284426B (en) | 2021-02-19 |
Family
ID=65182931
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810965462.5A Active CN109284426B (en) | 2018-08-23 | 2018-08-23 | Multi-data document classification system based on permission level |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109284426B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109284426B (en) | 2021-02-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | TA01 | Transfer of patent application right | Effective date of registration: 20210125. Address after: 300020 3rd floor, unit 2, CITIC logistics park, 249 Huanghai Road, Binhai New Area Economic and Technological Development Zone, Tianjin. Applicant after: CITIC Tianjin Financial Technology Service Co.,Ltd. Address before: 310004 room 304, building 4, No. 588, feijiatang, Xiacheng District, Hangzhou City, Zhejiang Province. Applicant before: HANGZHOU CHUANGMENGHUI TECHNOLOGY Co.,Ltd. |
 | GR01 | Patent grant | |